Exemplo n.º 1
    def pehash(self):
        """Report the PEhash of the open file and, on request, of stored samples.

        With a session open, the PEhash of the session file is logged first.
        When ``self.args.all``, ``self.args.cluster`` or ``self.args.scan`` is
        set, every sample returned by ``Database().find(key='all')`` is hashed
        from its on-disk copy, then:

        * ``all``     - log one table of name, MD5 and PEhash;
        * ``cluster`` - log one table per PEhash shared by two or more samples;
        * ``scan``    - log the stored samples whose PEhash equals that of the
          open file.

        Returns None in every case; all results go through ``self.log``.
        """
        if not HAVE_PEHASH:
            self.log(
                'error',
                "PEhash is missing. Please copy PEhash to the modules directory of Viper"
            )
            return

        current_pehash = None
        if __sessions__.is_set():
            current_pehash = calculate_pehash(__sessions__.current.file.path)
            self.log('info', "PEhash: {0}".format(bold(current_pehash)))

        # Nothing below applies unless a repository-wide mode was requested.
        if not (self.args.all or self.args.cluster or self.args.scan):
            return

        # Every stored sample is re-hashed on each invocation.
        # NOTE(review): calculate_pehash presumably returns a falsy value for
        # files it cannot hash; confirm it does not raise on malformed input,
        # since the stored samples are untrusted files.
        rows = []
        for entry in Database().find(key='all'):
            digest = calculate_pehash(get_sample_path(entry.sha256))
            if not digest:
                continue
            rows.append((entry.name, entry.md5, digest))

        if self.args.all:
            self.log('info', "PEhash for all files:")
            self.log('table', {'header': ['Name', 'MD5', 'PEhash'], 'rows': rows})
            return

        if self.args.cluster:
            self.log('info', "Clustering files by PEhash...")

            groups = {}
            for name, md5, digest in rows:
                groups.setdefault(digest, []).append([name, md5])

            # A PEhash seen on a single sample is not a cluster; skip it.
            for digest, members in groups.items():
                if len(members) < 2:
                    continue
                self.log(
                    'info',
                    "PEhash {0} was calculated on files:".format(bold(digest)))
                self.log('table', {'header': ['Name', 'MD5'], 'rows': members})
            return

        if self.args.scan and __sessions__.is_set() and current_pehash:
            self.log('info', "Finding matching samples...")

            # The open file is left out of its own results, keyed by MD5.
            # NOTE(review): sha256 is already used to locate samples and would
            # be the collision-resistant key for this exclusion.
            matches = [
                [name, md5]
                for name, md5, digest in rows
                if md5 != __sessions__.current.file.md5
                and digest == current_pehash
            ]

            if not matches:
                self.log('info', "No matches found")
            else:
                self.log('table', {'header': ['Name', 'MD5'], 'rows': matches})
Exemplo n.º 2
    def pehash(self):
        """Log the PEhash of the open file; optionally list, cluster or scan.

        The three repository modes (``self.args.all``, ``self.args.cluster``,
        ``self.args.scan``) share one pass that hashes each sample returned by
        ``db.find(key='all')`` from the path given by ``get_sample_path``.
        Samples for which ``calculate_pehash`` yields a falsy value are left
        out. Output is emitted only through ``self.log``; nothing is returned.
        """
        if not HAVE_PEHASH:
            self.log('error', "PEhash is missing. Please copy PEhash to the modules directory of Viper")
            return

        # PEhash of the file in the open session, if there is one.
        current_pehash = None
        if __sessions__.is_set():
            current_pehash = calculate_pehash(__sessions__.current.file.path)
            self.log('info', "PEhash: {0}".format(bold(current_pehash)))

        rows = []
        if self.args.all or self.args.cluster or self.args.scan:
            db = Database()
            # Pair each sample with its hash lazily so it is hashed only once.
            # NOTE(review): the whole repository is re-hashed on every call,
            # and the inputs are untrusted samples - confirm calculate_pehash
            # fails closed (falsy result) rather than raising on bad input.
            hashed = (
                (sample, calculate_pehash(get_sample_path(sample.sha256)))
                for sample in db.find(key='all')
            )
            rows = [
                (sample.name, sample.md5, pe_hash)
                for sample, pe_hash in hashed
                if pe_hash
            ]

        if self.args.all:
            self.log('info', "PEhash for all files:")
            columns = ['Name', 'MD5', 'PEhash']
            self.log('table', dict(header=columns, rows=rows))

        elif self.args.cluster:
            self.log('info', "Clustering files by PEhash...")

            by_hash = {}
            for name, md5, pe_hash in rows:
                bucket = by_hash.get(pe_hash)
                if bucket is None:
                    bucket = by_hash[pe_hash] = []
                bucket.append([name, md5])

            # Only hashes shared by at least two samples are reported.
            for pe_hash in by_hash:
                members = by_hash[pe_hash]
                if len(members) > 1:
                    self.log('info', "PEhash cluster {0}:".format(bold(pe_hash)))
                    self.log('table', dict(header=['Name', 'MD5'], rows=members))

        elif self.args.scan:
            if __sessions__.is_set() and current_pehash:
                self.log('info', "Finding matching samples...")

                matches = []
                for name, md5, pe_hash in rows:
                    # Skip the open file itself (compared by MD5), then keep
                    # every other sample with the same PEhash.
                    # NOTE(review): sha256 would be the collision-resistant
                    # key for identifying the open file.
                    is_self = md5 == __sessions__.current.file.md5
                    if not is_self and pe_hash == current_pehash:
                        matches.append([name, md5])

                if not matches:
                    self.log('info', "No matches found")
                else:
                    self.log('table', dict(header=['Name', 'MD5'], rows=matches))
Exemplo n.º 3
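    def pehash(self):
        """Print the PEhash of the open file and, on request, of stored samples.

        Options are parsed from ``self.args[1:]``:

        * ``-h`` / ``--help``    - print the help text and return;
        * ``-a`` / ``--all``     - table of name, MD5 and PEhash per sample;
        * ``-c`` / ``--cluster`` - one table per PEhash shared by 2+ samples;
        * ``-s`` / ``--scan``    - stored samples whose PEhash equals that of
          the file in the open session.

        Every repository mode hashes each sample returned by
        ``Database().find(key='all')``. Returns None; output is printed.
        """
        def usage():
            # The scan flag is accepted by getopt below, so it is listed here.
            print("usage: pe pehash [-hacs]")

        def show_help():
            usage()
            print("")
            print("Options:")
            print("\t--help (-h)\tShow this help message")
            print("\t--all (-a)\tPrints the PEhash of all files in the project")
            print("\t--cluster (-c)\tCalculate and cluster all files in the project")
            print("\t--scan (-s)\tScan repository for matching samples")
            print("")

        try:
            opts, _ = getopt.getopt(self.args[1:], 'hacs', ['help', 'all', 'cluster', 'scan'])
        except getopt.GetoptError as e:
            print(e)
            usage()
            return

        arg_all = False
        arg_cluster = False
        arg_scan = False

        for opt, _ in opts:
            if opt in ('-h', '--help'):
                show_help()
                return
            elif opt in ('-a', '--all'):
                arg_all = True
            elif opt in ('-c', '--cluster'):
                arg_cluster = True
            elif opt in ('-s', '--scan'):
                arg_scan = True

        if not HAVE_PEHASH:
            print_error("PEhash is missing. Please copy PEhash to the modules directory of Viper")
            return

        current_pehash = None
        if __sessions__.is_set():
            current_pehash = calculate_pehash(__sessions__.current.file.path)
            print_info("PEhash: {0}".format(bold(current_pehash)))

        rows = []
        if arg_all or arg_cluster or arg_scan:
            db = Database()

            # Every stored sample is re-hashed on each invocation.
            # NOTE(review): stored samples are untrusted files; confirm that
            # calculate_pehash returns a falsy value instead of raising when
            # a file cannot be parsed.
            for sample in db.find(key='all'):
                pe_hash = calculate_pehash(get_sample_path(sample.sha256))
                if pe_hash:
                    rows.append((sample.name, sample.md5, pe_hash))

        if arg_all:
            print_info("PEhash for all files:")
            header = ['Name', 'MD5', 'PEhash']
            print(table(header=header, rows=rows))
        elif arg_cluster:
            print_info("Clustering files by PEhash...")

            cluster = {}
            for sample_name, sample_md5, pe_hash in rows:
                cluster.setdefault(pe_hash, []).append([sample_name, sample_md5])

            # A PEhash seen on a single sample is not a cluster; skip it.
            for pe_hash, members in cluster.items():
                if len(members) > 1:
                    print_info("PEhash {0} was calculated on files:".format(bold(pe_hash)))
                    print(table(header=['Name', 'MD5'], rows=members))
        elif arg_scan:
            if __sessions__.is_set() and current_pehash:
                print_info("Finding matching samples...")

                # Each row holds the sample's MD5 in second position, so the
                # open file must be recognised by its MD5 as well. Comparing
                # that field with the session's sha256 can never match, which
                # lets the open file show up as a match for itself.
                # NOTE(review): sha256 would be the collision-resistant key
                # here, but it is not carried in the rows.
                current_md5 = __sessions__.current.file.md5
                matches = [
                    [name, md5]
                    for name, md5, pe_hash in rows
                    if md5 != current_md5 and pe_hash == current_pehash
                ]

                if matches:
                    print(table(header=['Name', 'MD5'], rows=matches))
                else:
                    print_info("No matches found")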
Exemplo n.º 4
Arquivo: pe.py Projeto: vicgc/viper
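    def pehash(self):
        """Print the PEhash of the open file; optionally list, cluster or scan.

        Flags come from ``self.args[1:]`` via getopt: ``-h/--help``,
        ``-a/--all``, ``-c/--cluster`` and ``-s/--scan``. When any of the last
        three is given, each sample returned by ``db.find(key='all')`` is
        hashed from the path given by ``get_sample_path``; samples with a
        falsy hash are dropped. Results are printed and None is returned.
        """
        def usage():
            # -s is a supported flag, so the synopsis has to mention it.
            print("usage: pe pehash [-hacs]")

        def help():
            usage()
            print("")
            print("Options:")
            print("\t--help (-h)\tShow this help message")
            print(
                "\t--all (-a)\tPrints the PEhash of all files in the project")
            print(
                "\t--cluster (-c)\tCalculate and cluster all files in the project"
            )
            print("\t--scan (-s)\tScan repository for matching samples")
            print("")

        try:
            opts, _ = getopt.getopt(self.args[1:], 'hacs',
                                    ['help', 'all', 'cluster', 'scan'])
        except getopt.GetoptError as e:
            print(e)
            usage()
            return

        arg_all = False
        arg_cluster = False
        arg_scan = False

        for opt, _ in opts:
            if opt in ('-h', '--help'):
                help()
                return
            elif opt in ('-a', '--all'):
                arg_all = True
            elif opt in ('-c', '--cluster'):
                arg_cluster = True
            elif opt in ('-s', '--scan'):
                arg_scan = True

        if not HAVE_PEHASH:
            print_error(
                "PEhash is missing. Please copy PEhash to the modules directory of Viper"
            )
            return

        # PEhash of the file in the open session, if there is one.
        current_pehash = None
        if __sessions__.is_set():
            current_pehash = calculate_pehash(__sessions__.current.file.path)
            print_info("PEhash: {0}".format(bold(current_pehash)))

        if arg_all or arg_cluster or arg_scan:
            db = Database()
            samples = db.find(key='all')

            # The whole repository is re-hashed on every call.
            # NOTE(review): these are untrusted samples; confirm that
            # calculate_pehash fails closed (falsy result) rather than
            # raising on a file it cannot parse.
            rows = []
            for sample in samples:
                sample_path = get_sample_path(sample.sha256)
                pe_hash = calculate_pehash(sample_path)
                if pe_hash:
                    rows.append((sample.name, sample.md5, pe_hash))

        if arg_all:
            print_info("PEhash for all files:")
            header = ['Name', 'MD5', 'PEhash']
            print(table(header=header, rows=rows))
        elif arg_cluster:
            print_info("Clustering files by PEhash...")

            cluster = {}
            for sample_name, sample_md5, pe_hash in rows:
                cluster.setdefault(pe_hash,
                                   []).append([sample_name, sample_md5])

            # Only hashes shared by at least two samples are reported.
            for pe_hash, members in cluster.items():
                if len(members) > 1:
                    print_info("PEhash {0} was calculated on files:".format(
                        bold(pe_hash)))
                    print(table(header=['Name', 'MD5'], rows=members))
        elif arg_scan:
            if __sessions__.is_set() and current_pehash:
                print_info("Finding matching samples...")

                matches = []
                for sample_name, sample_md5, pe_hash in rows:
                    # Leave the open file out of its own results.
                    # NOTE(review): the exclusion is keyed by MD5; sha256,
                    # already used to locate samples, would be the
                    # collision-resistant key.
                    if sample_md5 == __sessions__.current.file.md5:
                        continue

                    if pe_hash == current_pehash:
                        matches.append([sample_name, sample_md5])

                if matches:
                    print(table(header=['Name', 'MD5'], rows=matches))
                else:
                    print_info("No matches found")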